From nobody Wed Feb 01 22:28:49 2023
Date: Wed, 1 Feb 2023 22:28:49 GMT
Message-Id: <202302012228.311MSneL072357@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen Subject: git: a8ac188a425a - stable/13 - sctp: ensure that ASCONF chunks are not too large List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tuexen X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: a8ac188a425aaab990477c72e1b8c59fb7b6bf69 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=a8ac188a425aaab990477c72e1b8c59fb7b6bf69 commit a8ac188a425aaab990477c72e1b8c59fb7b6bf69 Author: Michael Tuexen AuthorDate: 2022-03-29 23:22:20 +0000 Commit: Michael Tuexen CommitDate: 2023-02-01 22:28:28 +0000 sctp: ensure that ASCONF chunks are not too large (cherry picked from commit 218e463b85c4b78af93583cfc3d95a1cab8408bf) --- sys/netinet/sctp_asconf.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/sys/netinet/sctp_asconf.c b/sys/netinet/sctp_asconf.c index 411440468856..a4457471410e 100644 --- a/sys/netinet/sctp_asconf.c +++ b/sys/netinet/sctp_asconf.c @@ -2561,7 +2561,7 @@ sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) struct sctp_asconf_chunk *acp; struct sctp_asconf_paramhdr *aph; struct sctp_asconf_addr_param *aap; - uint32_t p_length; + uint32_t p_length, overhead; uint32_t correlation_id = 1; /* 0 is reserved... */ caddr_t ptr, lookup_ptr; uint8_t lookup_used = 0; 
@@ -2574,6 +2574,20 @@ sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) if (aa == NULL) return (NULL); + /* Consider IP header and SCTP common header. */ + if (stcb->sctp_ep->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { + overhead = SCTP_MIN_OVERHEAD; + } else { + overhead = SCTP_MIN_V4_OVERHEAD; + } + /* Consider ASONF chunk. */ + overhead += sizeof(struct sctp_asconf_chunk); + /* Consider AUTH chunk. */ + overhead += sctp_get_auth_chunk_len(stcb->asoc.peer_hmac_id); + if (stcb->asoc.smallest_mtu <= overhead) { + /* MTU too small. */ + return (NULL); + } /* * get a chunk header mbuf and a cluster for the asconf params since * it's simpler to fill in the asconf chunk header lookup address on @@ -2615,7 +2629,7 @@ sctp_compose_asconf(struct sctp_tcb *stcb, int *retlen, int addr_locked) /* get the parameter length */ p_length = SCTP_SIZE32(aa->ap.aph.ph.param_length); /* will it fit in current chunk? */ - if ((SCTP_BUF_LEN(m_asconf) + p_length > stcb->asoc.smallest_mtu) || + if ((SCTP_BUF_LEN(m_asconf) + p_length > stcb->asoc.smallest_mtu - overhead) || (SCTP_BUF_LEN(m_asconf) + p_length > MCLBYTES)) { /* won't fit, so we're done with this chunk */ break;
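Review bot: In the hunk at @@ -2574,6 +2574,20 @@, the new early return for "MTU too small" hands back NULL exactly as the preceding `if (aa == NULL) return (NULL);` does, so a caller cannot tell "nothing queued" from "queued parameters cannot be sent at this MTU", and nothing is logged. A debug message or counter on this path would make the condition visible when an association stops sending ASCONF. It is also worth confirming that the lookup address mentioned in the context comment just below ("fill in the asconf chunk header lookup address") is covered by `sizeof(struct sctp_asconf_chunk)`; if it is carried as a separate parameter, its size belongs in `overhead` too. Minor: the comment "Consider ASONF chunk." should read "ASCONF".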
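Review bot: In the hunk at @@ -2615,7 +2629,7 @@, `stcb->asoc.smallest_mtu - overhead` is an unsigned subtraction (`overhead` is declared `uint32_t` in the first hunk) and is only safe because of the `smallest_mtu <= overhead` guard added at the top of the function. Nothing on this line records that dependency, so a later change that moves or removes the guard would let the difference wrap to a huge value and silently disable the size check. Writing the test as `SCTP_BUF_LEN(m_asconf) + p_length + overhead > stcb->asoc.smallest_mtu` avoids the subtraction altogether, and it also shortens a line that, once indented, runs past 80 columns. The MCLBYTES comparison on the next line is unchanged and needs no adjustment.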